Re: [OE-devel] [PATCH] ntp: Resolve some abnormal behaviors

[Xufeng Zhang <xufeng.zhang@windriver.com>]

On 06/10/2013 11:29 PM, Joe MacDonald wrote:
> Hey Xufeng,
>
> [[oe] [OE-devel] [PATCH] ntp: Resolve some abnormal behaviors] On 13.05.31 (Fri 14:18) Xufeng Zhang wrote:
>
>    
>> The main changes include:
>> 1). Add ntp:ntp(user:group) to system.
>> 2). Running ntpd dameon as ntp:ntp.
>> 3). Move relevant files from /usr/bin to /usr/sbin.
>> 4). Add crypto support.
>>      
> This one seems to have trailed off.  Sorry if you guys were waiting on
> my input as well.
>    

Sorry for late response, I have missed this email.

> First, I agree with Paul on both #3 and #4.

Now I also agree that I should drop #4.

> I would rather see a patch
> that updates NTP to use sbindir instead of bindir in the options

I'm not quite understand what's the meaning of "in the options".

I'll explain how "--with-binsubdir" works for ntp:
"--with-binsubdir" controls whether we use bin_PROGRAMS or sbin_PROGRAMS
for built binaries in Makefile, in others words, it controls where we 
install the
binaries. If "--with-binsubdir" is not set or if "--with-binsubdir=bin", 
then we use
bindir, otherwise, if "--with-binsubdir=sbin", we use sbindir, so if we 
want to
install the binaries into sbindir, we must specify "--with-binsubdir=sbin".


> (or at
> least a follow-up indicating that it's infeasible for some reason, I
> also don't know what NTP's build system looks like, so maybe that's not
> an option).  I also agree that my preferred scenario is for the system
> to be as secure as possible by default, but crypto support is available
> and not everyone wants or needs it.  We (relatively) recently when
> through an extended discussion about ntp versus ntp-ssl and the current
> situation seems to be the best compromise for everyone.
>
> As a more general comment, you have four bullet-points below.  That's
> normally an indication (to me, at least) that four patches are
> appropriate.  Looking a bit closer, it looks like two related changes
> and two unrelated ones, so I'd want to see three patches for this unless
> there's a good reason why all of them are tied together.
>
> #1 and #2 aren't likely to be contentious, so feel free to send out a
> single patch doing both of those any time and we can revisit #3 and #4
> at your convenience.
>    

Thank you very much for the detail suggestions and explanations!
I'll send V2 patch until we come to a agreement on #3.


Xufeng

> Thanks,
> -J.
>
>    
>> [YOCTO #4567]
>> [ CQID: WIND00417282 ]
>>
>> Signed-off-by: Xufeng Zhang<xufeng.zhang@windriver.com>
>> ---
>>   meta-networking/recipes-support/ntp/files/ntpd    |    8 ++++----
>>   meta-networking/recipes-support/ntp/files/ntpdate |    6 +++---
>>   meta-networking/recipes-support/ntp/ntp.inc       |   20 ++++++++++++--------
>>   3 files changed, 19 insertions(+), 15 deletions(-)
>>
>> diff --git a/meta-networking/recipes-support/ntp/files/ntpd b/meta-networking/recipes-support/ntp/files/ntpd
>> index ae50f13..285f5c0 100755
>> --- a/meta-networking/recipes-support/ntp/files/ntpd
>> +++ b/meta-networking/recipes-support/ntp/files/ntpd
>> @@ -1,7 +1,7 @@
>>   #! /bin/sh
>>   #
>>   # ntpd	init.d script for ntpdc from ntp.isc.org
>> -test -x /usr/bin/ntpd -a -r /etc/ntp.conf || exit 0
>> +test -x /usr/sbin/ntpd -a -r /etc/ntp.conf || exit 0
>>   # rcS contains TICKADJ
>>   test -r /etc/default/rcS&&  . /etc/default/rcS
>>
>> @@ -9,9 +9,9 @@ test -r /etc/default/rcS&&  . /etc/default/rcS
>>   settick(){
>>     	# If TICKADJ is set we *must* adjust it before we start, because the
>>   	# driftfile relies on the correct setting
>> -	test -n "$TICKADJ" -a -x /usr/bin/tickadj&&  {
>> +	test -n "$TICKADJ" -a -x /usr/sbin/tickadj&&  {
>>   		echo -n "Setting tick to $TICKADJ: "
>> -		/usr/bin/tickadj "$TICKADJ"
>> +		/usr/sbin/tickadj "$TICKADJ"
>>   		echo "done"
>>   	}
>>   }
>> @@ -21,7 +21,7 @@ startdaemon(){
>>   	# this.  If ntpd seems to disappear after a while assume TICKADJ
>>   	# above is set to a totally incorrect value.
>>   	echo -n "Starting ntpd: "
>> -	start-stop-daemon --start -x /usr/bin/ntpd -- -p /var/run/ntp.pid "$@"
>> +	start-stop-daemon --start -x /usr/sbin/ntpd -- -u ntp:ntp -p /var/run/ntp.pid "$@"
>>   	echo "done"
>>   }
>>   stopdaemon(){
>> diff --git a/meta-networking/recipes-support/ntp/files/ntpdate b/meta-networking/recipes-support/ntp/files/ntpdate
>> index ab0551c..17b64d1 100755
>> --- a/meta-networking/recipes-support/ntp/files/ntpdate
>> +++ b/meta-networking/recipes-support/ntp/files/ntpdate
>> @@ -1,8 +1,8 @@
>>   #!/bin/sh
>>
>> -PATH=/sbin:/bin:/usr/bin
>> +PATH=/sbin:/bin:/usr/bin:/usr/sbin
>>
>> -test -x /usr/bin/ntpdate || exit 0
>> +test -x /usr/sbin/ntpdate || exit 0
>>
>>   if test -f /etc/default/ntpdate ; then
>>   . /etc/default/ntpdate
>> @@ -40,7 +40,7 @@ if [ -x /usr/bin/lockfile-create ]; then
>>   	LOCKTOUCHPID="$!"
>>   fi
>>
>> -if /usr/bin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
>> +if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
>>   	if [ "$UPDATE_HWCLOCK" = "yes" ]; then
>>   		hwclock --systohc || :
>>   	fi
>> diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc
>> index 79e7401..b52a7d6 100644
>> --- a/meta-networking/recipes-support/ntp/ntp.inc
>> +++ b/meta-networking/recipes-support/ntp/ntp.inc
>> @@ -24,14 +24,19 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
>>              file://sntp \
>>   "
>>
>> -inherit autotools update-rc.d systemd
>> +inherit autotools update-rc.d systemd useradd
>>
>>   # The ac_cv_header_readline_history is to stop ntpdc depending on either
>>   # readline or curses
>> -EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd ac_cv_header_readline_history_h=no"
>> +EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd ac_cv_header_readline_history_h=no --with-binsubdir=sbin"
>>   CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
>>
>> -PACKAGECONFIG ??= ""
>> +USERADD_PACKAGES = "${PN}"
>> +USERADD_PARAM_${PN} = "--system --home /etc/ntp \
>> +		       --no-create-home --shell /bin/false \
>> +		       --user-group ntp"
>> +
>> +PACKAGECONFIG ??= "openssl"
>>   PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
>>                             --with-openssl-incdir=${STAGING_INCDIR} \
>>                             --with-crypto, \
>> @@ -91,10 +96,10 @@ RCONFLICTS_ntpdate += "ntpdate-systemd"
>>
>>   RSUGGESTS_${PN} = "iana-etc"
>>
>> -FILES_${PN} = "${bindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${sbindir} ${libdir}"
>> -FILES_${PN}-tickadj = "${bindir}/tickadj"
>> -FILES_${PN}-utils = "${bindir}"
>> -FILES_ntpdate = "${bindir}/ntpdate \
>> +FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir}"
>> +FILES_${PN}-tickadj = "${sbindir}/tickadj"
>> +FILES_${PN}-utils = "${sbindir}"
>> +FILES_ntpdate = "${sbindir}/ntpdate \
>>       ${sysconfdir}/network/if-up.d/ntpdate-sync \
>>       ${bindir}/ntpdate-sync \
>>       ${sysconfdir}/default/ntpdate \
>> @@ -122,4 +127,3 @@ else
>>       fi
>>   fi
>>   }
>> -
>>